Amendments to the Claims 



1-12. (Cancelled) 

13. (Currently amended) A method comprising: 

receiving from a subscriber on an access network an authentication request, the 
authentication request identifying the subscriber and identifying a designated service provider 
from among a plurality of service providers; 

sending the authentication request to the designated service provider; 

receiving from the designated service provider an authentication response indicating 
successful authentication of the subscriber by the designated service provider, wherein the 
authentication response includes a service qualification that indicates at least one of (i) one or 
more types of services authorized for the subscriber and (ii) one or more extents of service 
authorized for the subscriber; 

responsive to the authentication response, assigning the subscriber to operate in a 
designated layer of the access network set aside for subscribers that have been authenticated by 
the designated service provider and to operate according to the service qualification , wherein the 
access network is an IP network and the designated layer is an IP subnet, and wherein assigning 
the subscriber to operate in the designated layer comprises assigning to the subscriber an IP 
address in the IP subnet ; and 

serving the subscriber in the designated layer of the access network 

wherein serving the subscriber in the designated layer comprises handling 
communications with the subscriber according to a logic set established for the designated layer, 

-2- 




wherein handling communications with the subscriber according to the logic set 
established for the designated layer comprises (i) detecting a packet bearing the IP address 
assigned to the subscriber, and (ii) responsively applying the logic set to restrict transmission of 
the packet, and 

wherein handling communications with the subscriber according to the logic set 
established for the designated layer comprises disallowing at least a predetermined type of 
communication from passing from the subscriber to outside of the access network. 

14-16. (Cancelled) 

17. (Previously presented) The method of claim 13, wherein serving the 
subscriber in the designated layer of the access network comprises: 

a gateway on the access network detecting a web page being sent to the subscriber; and 
the gateway modifying the web page to include an advertisement for the designated 
service provider. 

18. (Original) The method of claim 13, further comprising prompting the 
subscriber to provide the authentication request. 

19. (Original) The method of claim 18, wherein prompting the subscriber for the 
authentication request comprises: 

presenting to the subscriber a set of the plurality of service providers; and 



prompting the subscriber to select a service provider from among the plurality presented, 
wherein the subscriber selects the designated service provider from among the plurality. 

20. (Original) The method of claim 13, wherein the access network comprises a 
wireless access network. 

21. (Currently amended) A method carried out by an access network, the method 
comprising: 

prompting a first client station to select a service provider from among a plurality of 
service providers, and receiving a signal from the first client station, indicating a first selected 
service provider; 

sending a first authentication request message for the first client station to the first 
selected service provider, the first authentication request message indicating authentication 
information for the first client station; 

receiving a first authentication response message from the first selected service provider, 
the first authentication response message indicating that first client station is authenticated by the 
first selected service provider, wherein the first authentication response includes a first service 
qualification that indicates at least one of (i) one or more types of services authorized for the first 
client station and (ii) one or more extents of service authorized for the first client station; and 

in response to the first authentication response message, restricting the first client station 
to communications in a first logical layer of the access network associated with the first selected 
service provider and according to the first service qualification. 
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wherein restricting the first client station to communications in the first logical layer of 



the access network associated with the first selected service provider and according to the first 
service qualification comprises handling communications with the first client station according 
to a logic set established for the first logical layer, and 

wherein handling communications with the first client station according to the logic set 
established for the first logical layer comprises disallowing at least a predetermined type of 
communication from passing from the first client station to outside of the access network. 

22. (Previously presented) The method of claim 21, further comprising: 

prompting a second client station to select a service provider from among a plurality of 
service providers, and receiving a signal from the second client station, indicating a second 
selected service provider; 

sending a second authentication request message for the second client station to the first 
selected service provider, the second authentication request message indicating authentication 
information for the first client station; 

receiving a second authentication response message from the second selected service 
provider, the second authentication response message indicating that second client station is 
authenticated by the second selected service provider, wherein the second authentication 
response includes a second service qualification that indicates at least one of (i) one or more 
types of services authorized for the second client station and (ii) one or more extents of service 
authorized for the second client station; and 
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in response to the second authentication response message, restricting the second client 
station to communications in a second logical layer of the access network associated with the 
second selected service provider and according to the second service qualification. 

23. (Currently amended) A communication system comprising: 

means for prompting a first client station to select a service provider from among a 
plurality of service providers, and for receiving a signal from the first client station, indicating a 
first selected service provider; 

means for sending a first authentication request message for the first client station to the 
first selected service provider, the first authentication request message indicating authentication 
information for the first client station; 

means for receiving a first authentication response message from the first selected service 
provider, the first authentication response message indicating that first client station is 
authenticated by the first selected service provider, wherein the first authentication response 
includes a first service qualification that indicates at least one of (i) one or more types of services 
authorized for the first client station and (ii) one or more extents of service authorized for the 
first client station; and 

means for responding to the first authentication response message by restricting the first 
client station to communications in a first logical layer of the access network associated with the 
first selected service provider and according to the first service qualification. 

wherein restricting the first client station to communications in the first logical layer of 
the access network associated with the first selected service provider and according to the first 
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service qualification comprises handling communications with the first client station according 
to a logic set established for the first logical layer, and 

wherein handling communications with the first client station according to the logic set 
established for the first logical layer comprises disallowing at least a predetermined type of 
communication from passing from the first client station to outside of the access network. 

24. (Previously presented) The communication system of claim 23, further 

comprising: 

means for prompting a second client station to select a service provider from among a 
plurality of service providers, and for receiving a signal from the second client station, indicating 
a second selected service provider; 

means for sending a second authentication request message for the second client station 
to the first selected service provider, the second authentication request message indicating 
authentication information for the first client station; 

means for receiving a second authentication response message from the second selected 
service provider, the second authentication response message indicating that second client 
station is authenticated by the second selected service provider, wherein the second 
authentication response includes a second service qualification that indicates at least one of (i) 
one or more types of services authorized for the second client station and (ii) one or more extents 
of service authorized for the second client station; and 

means for responding to the second authentication response message by restricting the 
second client station to communications in a second logical layer of the access network 



associated with the second selected service provider and according to the second service 
qualification. 

25. (Previously presented) The method of claim 15, further comprising: 

before receiving the authentication response, assigning the subscriber to operate in a 
default layer of the access network; and 

handling communications in the default layer according to a default logic set. 

26-27. (Cancelled) 

28. (Previously presented) The method of claim 15, wherein handling 
communications with the subscriber according to the logic set established for the designated 
layer comprises: 

detecting a web page being sent to an address on the designated layer; and 
injecting into the web page information specific to the designated service provider. 

29. (Previously presented) The method of claim 28, wherein the information 
comprises an advertisement for the designated service provider. 

30. (Previously presented) The method of claim 13, wherein the subscriber 
communicates via an air interface with the access network. 



31. (New) The method of claim 13, wherein disallowing at least the predetermined 
type of communication from passing from the subscriber to outside of the access network 
comprises disallowing all communications from passing from the client station to outside of the 
access network. 

32. (New) The method of claim 21, wherein disallowing at least the predetermined 
type of communication from passing from the first client station to outside of the access network 
comprises disallowing all communications from passing from the first client station to outside of 
the access network. 

33. (New) The method of claim 23, wherein disallowing at least the predetermined 
type of communication from passing from the first client station to outside of the access network 
comprises disallowing all communications from passing from the first client station to outside of 
the access network. 
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